security-specialist
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, bypass attempts, or security vulnerabilities were detected. The skill is designed to improve the security posture of applications through best-practice guidance.
- [EXTERNAL_DOWNLOADS]: The skill references official SDKs and libraries from well-known identity services (Auth0 and Clerk) to provide technical implementation guidance. These are recognized industry-standard tools.
- [CREDENTIALS_UNSAFE]: The documentation includes educational examples of insecure credential handling in 'BAD' practice sections. These use non-functional placeholders (e.g., 'sk_test_YOUR_SECRET_KEY_HARDCODED') and do not expose any real secrets.
- [PROMPT_INJECTION]: The Legal Compliance Checker persona involves processing external data such as terms of service and privacy policies. While this creates a potential surface for indirect prompt injection, it is the primary intended function of the auditor.
  - Ingestion points: External legal documents and local project files (via Read/Grep tools).
  - Boundary markers: Not explicitly specified in the persona instructions.
  - Capability inventory: File reading and writing (Read, Write, MultiEdit), web searching (WebSearch), and text search (Grep).
  - Sanitization: No specific sanitization logic is defined for the input data.